Postfix: relay mail that does not come from "mynetwork" or "authenticated users"

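I am having some trouble understanding the Postfix configuration. Here is the current situation:

I have a server with Plesk installed that uses Postfix as the primary MX for several domains. Now, to reduce spam, I want to use mailcow on another server as the primary MX, forwarding mail to Postfix. Mailcow is running and forwards e-mail to Postfix as expected, but: the DNS entries for the MX have a TTL of 300 seconds and should have expired everywhere by now (I know some DNS hosts keep information longer than the TTL), yet several days have passed and I still receive mail on the former primary MX, Postfix, without it going through mailcow.

I guess there should be some smart option to relay all mail that is not sent from "mynetwork" or by an authenticated user from Postfix to Mailcow, so that it comes back from Mailcow (which is in "mynetworks"), but I don't know how to configure Postfix to work like this.

I have found several examples of "how to configure Postfix as a relay" and many guides on how to configure Postfix as a local MTA, but I need a bit of both.

In short: if a mail comes from "mynetwork", it should be delivered to the local mailbox; if it is sent by an authenticated user, it should be routed accordingly (locally or externally, depending on the destination ;)); and if neither applies, all mail should go to Mailcow (if possible, already "filtered" by the locally available mailboxes).

I hope my situation is described well enough and that someone can point me in the right direction. Maybe this is once again a case of "wrong search terms" for finding the right answer, or a specific use case nobody has run into before!? :)

Kind regards

Edit:

Thanks for the replies. Here are the contents; I have only changed the domain names to dummy ones. This question is not about Plesk; I want to change Postfix at the configuration-file level to work as described above, while delivery to the local mailboxes should still be possible. There must be a way to configure Postfix to work the way I want without changing the Plesk part (the management of the mailboxes themselves). I hope there is a solution I can use :)

postconf -n: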

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
append_dot_mydomain = no
authorized_flush_users =
authorized_mailq_users =
biff = no
compatibility_level = 2
disable_vrfy_command = yes
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
mailman_destination_recipient_limit = 1
message_size_limit = 30720000
mydestination = localhost.localdomain, localhost
myhostname = server.domain.tld
mynetworks =
plesk_virtual_destination_recipient_limit = 1
readme_directory = no
recipient_canonical_classes = envelope_recipient,header_recipient
recipient_canonical_maps = tcp:127.0.0.1:12346
recipient_delimiter = +
relayhost =
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
smtp_send_xforward_command = yes
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_use_tls = no
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_milters = , inet:127.0.0.1:12768
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_ciphers = medium
smtpd_tls_dh1024_param_file = /opt/psa/etc/dhparams2048.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.3
smtpd_tls_protocols = TLSv1.2 TLSv1.3
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtputf8_enable = no
tls_medium_cipherlist = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
tls_preempt_cipherlist = yes
tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
transport_maps = , hash:/var/spool/postfix/plesk/transport
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_gid_maps = static:31
virtual_mailbox_base = /var/qmail/mailnames
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
virtual_transport = plesk_virtual
virtual_uid_maps = static:30

postconf -M:

smtp       inet  n       -       y       -       -       smtpd
cleanup    unix  n       -       y       -       0       cleanup
tlsmgr     unix  -       -       y       1000?   1       tlsmgr
rewrite    unix  -       -       y       -       -       trivial-rewrite
bounce     unix  -       -       y       -       0       bounce
defer      unix  -       -       y       -       0       bounce
trace      unix  -       -       y       -       0       bounce
verify     unix  -       -       y       -       1       verify
flush      unix  n       -       y       1000?   0       flush
proxymap   unix  -       -       n       -       -       proxymap
proxywrite unix  -       -       n       -       1       proxymap
smtp       unix  -       -       y       -       -       smtp
relay      unix  -       -       y       -       -       smtp -o syslog_name=postfix/$service_name
showq      unix  n       -       y       -       -       showq
error      unix  -       -       y       -       -       error
retry      unix  -       -       y       -       -       error
discard    unix  -       -       y       -       -       discard
local      unix  -       n       n       -       -       local
virtual    unix  -       n       n       -       -       virtual
lmtp       unix  -       -       y       -       -       lmtp
anvil      unix  -       -       y       -       1       anvil
scache     unix  -       -       y       -       1       scache
postlog    unix-dgram n  -       n       -       1       postlogd
maildrop   unix  -       n       n       -       -       pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
uucp       unix  -       n       n       -       -       pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail     unix  -       n       n       -       -       pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp      unix  -       n       n       -       -       pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n       n       -       2       pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman    unix  -       n       n       -       -       pipe flags=R user=list:list argv=/usr/lib/plesk-9.0/postfix-mailman ${nexthop} ${user} ${recipient}
plesk_virtual unix -     n       n       -       -       pipe flags=DORhu user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-local -f ${sender} -d ${recipient} -p /var/qmail/mailnames -q ${queue_id}
127.0.0.1:12346 inet n   n       n       -       -       spawn user=popuser:popuser argv=/usr/lib/plesk-9.0/postfix-srs
pickup     fifo  n       -       y       60      1       pickup
qmgr       fifo  n       -       n       1       1       qmgr
smtps      inet  n       -       y       -       -       smtpd -o smtpd_tls_wrappermode=yes
plesk_saslauthd unix y   y       y       -       1       plesk_saslauthd status=5 listen=6 dbpath=/plesk/passwd.db
submission inet  n       -       y       -       -       smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
plesk-domain1.tld-1.2.3.4- unix - - n - - smtp -o smtp_bind_address=1.2.3.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4 -o inet_protocols=ipv4 -o smtp_helo_name=domain1.tld
plesk-domain2.tld-1.2.3.4- unix - - n -     -       smtp -o smtp_bind_address=1.2.3.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4 -o inet_protocols=ipv4 -o smtp_helo_name=domain2.tld
plesk-domain3.tld-1.2.3.4- unix - - n -       -       smtp -o smtp_bind_address=1.2.3.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4 -o inet_protocols=ipv4 -o smtp_helo_name=domain3.tld
[...]
plesk-domainn.tld-1.2.3.4- unix - - n - -      smtp -o smtp_bind_address=1.2.3.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4 -o inet_protocols=ipv4 -o smtp_helo_name=domainn.tld

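To summarize what I want to achieve:

  1. SMTP from the MX --> for local domains --> handle according to the configured mailboxes
  2. SMTP from authenticated users --> relay directly to the destination
  3. SMTP from anywhere else (not the MX as source, and not an authenticated user) --> for local domains --> relay to the MX

I hope this sums it up? :)

Thanks so far!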
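
One way to express the three cases from the summary in Postfix, as an added example that is not part of the original post and has not been tested against a Plesk-managed configuration. Assumptions: 192.0.2.10 is a constructed placeholder for the mailcow host's address, /etc/postfix/via_mx.cidr is a hypothetical file name, and Plesk leaves these main.cf settings in place.

```conf
# --- /etc/postfix/main.cf (only the settings that change) ---

# Case 1: the mailcow MX is a trusted client, so mail it hands over is
# accepted and delivered to the local mailboxes as before.
# 192.0.2.10 is a placeholder; use the real address of the mailcow host.
mynetworks = 127.0.0.0/8 [::1]/128 192.0.2.10/32

# Evaluated for every RCPT TO; the first rule that returns a decision wins.
#  - permit_mynetworks:         case 1, stop here, normal local delivery
#  - permit_sasl_authenticated: case 2, stop here, normal routing
#  - reject_unauth_destination: strangers may only address local domains
#  - check_client_access:       case 3, everything that got this far is
#                               re-routed to the MX after it has been queued
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    check_client_access cidr:/etc/postfix/via_mx.cidr

# The "submission" service in master.cf overrides
# smtpd_recipient_restrictions with its own -o option, so authenticated
# submission is not affected by this change.

# --- /etc/postfix/via_mx.cidr (hypothetical file name) ---
# cidr tables are plain text: no postmap run is needed, only "postfix reload".
# FILTER overrides the normal transport for all recipients of the message
# and sends it to the given next hop instead of the local mailbox.
0.0.0.0/0    FILTER smtp:[192.0.2.10]:25
::/0         FILTER smtp:[192.0.2.10]:25
```

Because FILTER forwards the message from this host, mailcow by default sees the Postfix server rather than the original sender as the SMTP client, which affects SPF and IP-reputation checks made there.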
